This article explains how to register an Apps in Azure Active Directory in order to give access to Graph Apis. Following this tutorial will allow you to generate the Client Id and Client Secret that you would need in your connectors.
Step 1 : Create a new Application.
Login to Azure portal using your Office 365 administrator account.
- Go to https://portal.azure.com
- Select Azure Active Directory
- Click on App Registration (Preview)
- Click on New Registration
Give a name to the application.
Supported Account types: Select Accounts in their Organizational directory Only
Redirect URL is not used. Enter any value. I.e https://notused
Click On Register.
Create a New Secret.
- Click on Certificates and Secrets
- Click On New Client Secret
Enter a description, an expiration date and Click Add
Note the client Secret as it will never be displayed again.
At this step, the Application is created.
To get your Client ID, go to the Overview section. Your Client ID will be displayed as shown in the screenshot below:
The next step is to give it the permissions to use Graph Apis.
Step 2: Permissions
- Click On API Permissions
- Click on Add a permission
- Click on Select An API
- Click on Microsoft Graph, then Application Permissions and add the following permissions:
When used as a source connector, select the ReadAll Permission.
When used as a target connector, select the ReadWrite.All Permission
Migration to Office 365 groups or Office 365 teams require:
- Group.Read.All, Group.ReadWrite.Alls, User.Read.All, Directory. Read.All.
- See https://docs.microsoft.com/en-us/graph/api/group-get?view=graph-rest-1.0
- And https://docs.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0
- Sites.ReadAll, Sites.ReadWrite.All, Sites.Manage.All, Sites.FullControl.All
Migration from OneDrive requires:
- Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All
- See https://docs.microsoft.com/en-us/graph/api/drive-list?view=graph-rest-1.0
SharePoint Migration requires:
- Group.Read.All and Group.ReadWrite.All.
- Sites.Read.All, Sites.ReadWrite.All
- See https://docs.microsoft.com/en-us/graph/api/site-get?view=graph-rest-1.0
Gal sync requires:
When all the feeds are added, Grant consent.
If the Grant Consent button is greyed out like in the screenshot above, you would have to follow these steps:
- Go back to Azure Active Directory.
- Click on App Registrations (and not App registrations Preview)
- Click on your App
- Go to Settings
- Go to Required Permissions
- Click on Grant Permissions
You’re all set! All you need to do is provide the Client Id and Client Secret in your connector and start migrating!